Secure Hash Algorithms

In the past, many cryptographic hash algorithms were proposed and used by software developers. Some of them was broken (like MD5 and SHA1), some are still considered secure (like SHA-2, SHA-3 and BLAKE2). Let's review the most widely used cryptographic hash functions (algorithms).

Secure Hash Functions

Modern cryptographic hash algorithms (like SHA-3 and BLAKE2) are considered secure enough for most applications.

SHA-2, SHA-256, SHA-512

SHA-2 is a family of strong cryptographic hash functions: SHA-256 (256 bits hash), SHA-384 (384 bits hash), SHA-512 (512 bits hash), etc. It is based on the cryptographic concept "Merkle–Damgård construction" and is considered highly secure. SHA-2 is published as official crypto standard in the United States.

SHA-2 is widely used by developers and in cryptography and is considered cryptographically strong enough for modern commercial applications.

SHA-256 is widely used in the Bitcoin blockchain, e.g. for identifying the transaction hashes and for the proof-of-work mining performed by the miners.

More Hash Bits == Higher Collision Resistance

By design, more bits at the hash output are expected to achieve stronger security and higher collision resistance (with some exceptions). As general rule, 128-bit hash functions are weaker than 256-bit hash functions, which are weaker than 512-bit hash functions.

Thus, SHA-512 is stronger than SHA-256, so we can expect that for SHA-512 it is more unlikely to practically find a collision than for SHA-256.

SHA-3, SHA3-256, SHA3-512, Keccak-256

SHA-3 (and its variants SHA3-224, SHA3-256, SHA3-384, SHA3-512), is considered more secure than SHA-2 (SHA-224, SHA-256, SHA-384, SHA-512) for the same hash length. For example, SHA3-256 provides more cryptographic strength than SHA-256 for the same hash length (256 bits).

BLAKE2 / BLAKE2s / BLAKE2b

BLAKE / BLAKE2 / BLAKE2s / BLAKE2b is a family of fast, highly secure cryptographic hash functions, providing calculation of 160-bit, 224-bit, 256-bit, 384-bit and 512-bit digest sizes, widely used in modern cryptography. BLAKE is one of the finalists at the SHA-3 NIST competition.

All of the above popular secure hash functions (SHA-2, SHA-3, BLAKE2, RIPEMD) are not restricted by commercial patents and are free for public use.

Insecure Hash Functions

Old hash algorithms like MD5, SHA-0 and SHA-1 are considered insecure and were withdrawn due to cryptographic weaknesses (collisions found). Don't use MD5, SHA-0 and SHA-1! All these hash functions are proven to be cryptographically insecure.

You can find in Internet that SHA1 collisions can be practically generated and this results in algorithms for creating fake digital signatures, demonstrated by two different signed PDF documents which hold different content, but have the same hash value and the same digital signature. See https://shattered.io.

Avoid using of the following hash algorithms, which are considered insecure or have disputable security: MD2, MD4, MD5, SHA-0, SHA-1, Panama, HAVAL (disputable security, collisions found for HAVAL-128), Tiger (disputable, weaknesses found), SipHash (it is not a cryptographic hash function).

Other Secure Hash Functions

The below functions are popular strong cryptographic hash functions, alternatives to SHA-2, SHA-3 and BLAKE2: